| Beschreibung: | Description:
The remote host is missing updates announced in
advisory SUSE-SA:2007:018.
A kernel update has been released to fix the following security problems:
- CVE-2006-2936: The ftdi_sio driver allowed local users to cause a denial
of service (memory consumption) by writing more data to
the serial port than the hardware can handle, which causes
the data to be queued. This requires this driver to be
loaded, which only happens if such a device is plugged
in.
- CVE-2006-4814: A deadlock in mincore that could be caused by local
attackers was fixed.
- CVE-2006-6106: Multiple buffer overflows in the cmtp_recv_interopmsg
function in the Bluetooth driver
(net/bluetooth/cmtp/capi.c) in the Linux kernel allowed
remote attackers to cause a denial of service (crash) and
possibly execute arbitrary code via CAPI messages with a
large value for the length of the (1) manu (manufacturer)
or (2) serial (serial number) field.
- CVE-2006-5749: The isdn_ppp_ccp_reset_alloc_state function in
drivers/isdn/isdn_ppp.c in the Linux kernel does not
call the init_timer function for the ISDN PPP CCP
reset state timer, which has unknown attack vectors
and results in a system crash.
- CVE-2006-5753: Unspecified vulnerability in the listxattr system call in
Linux kernel, when a bad inode is present, allows local
users to cause a denial of service (data corruption)
and possibly gain privileges.
- CVE-2007-0772: A remote denial of service problem on NFSv2 mounts with
ACL enabled was fixed.
and various non security bugs.
This update only covers SUSE Linux Enterprise 10 and SUSE Linux 10.1. The above
listed problems also affect other kernels, for which updates will be published.
Solution:
Update your system with the packages as indicated in
the referenced security advisory.
http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2007:018
Risk factor : High
CVSS Score:
7.8
|
